Senior SOC Analyst (L3)- Rapid7- Remote

Project-Specific Prerequisite Skills:

• Rapid7 InsightIDR (XDR SIEM)
• Rapid7 InsightConnect (SOAR)

Key Responsibilities:

• Incident Detection & Response: Lead incident response activities, ensuring quick detection, analysis, and resolution of security incidents. Provide hands-on support to the SOC team during high-priority events.
• SIEM & SOAR Management: Manage and configure Rapid7 InsightIDR and InsightConnect, including log source integration, custom parser development, and optimization of correlation rules and use cases.
• Threat Analysis: Conduct in-depth analysis of security events to identify successful intrusions and compromises. Differentiate false positives from genuine threats to minimize incident noise.
• Automation & Orchestration: Leverage Ansible, Puppet, Python, and PowerShell to automate repetitive SOC tasks, enhance incident response processes, and improve efficiency.
• Configuration Management: Use Ansible and Puppet to standardize and manage SOC system configurations across multiple environments.
• Investigation Management: Lead investigations of incidents escalated by Level 1 analysts and ensure thorough documentation and resolution.
• Quick Mitigation Techniques: Implement interim defensive measures until permanent solutions can be deployed.
• Security Enhancements: Develop and maintain playbooks in Rapid7 InsightConnect to orchestrate and streamline SOC operations.
• Gap Analysis & Recommendations: Identify gaps in the security environment and recommend appropriate measures for risk mitigation.
• Vulnerability Awareness: Stay up to date with the latest vulnerabilities, threat advisories, and penetration techniques to proactively defend against emerging risks.

Desired Skills:

• 15 years of relevant experience
• Strong experience with Rapid7 InsightIDR and InsightConnect, including advanced configuration, rule development, and integration.
• Proficiency in automation and scripting tools, including Python, PowerShell, and Bash, to streamline security operations.
• Hands-on expertise with Ansible and Puppet for configuration management, automation, and environment standardization.
• Advanced knowledge of SIEM and SOAR tools, with proven experience optimizing detection and response workflows.
• Familiarity with incident response frameworks such as NIST, MITRE ATT&CK, and SANS.
• Strong understanding of firewalls, IDS/IPS, antivirus, EDR, and behavioral analytics tools.
• Experience with API integrations for security toolsets and custom reporting solutions.
• Knowledge of log analysis tools, threat intelligence platforms, and vulnerability scanners.

• Relevant certifications such as GCIH, CEH, CISSP, or certifications related to Rapid7 InsightIDR (must have), Ansible, or Puppet are highly desirable.

Educational & Professional Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent professional experience.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.